three providers, Wi-Fi 6 and SMS authorization

This review was published on the e2e4 website back in January 2024. https://e2e4online.ru/articles/6551 But we thought that it could be useful now too – for those who are responsible for Wi-Fi in public places: cafes, salons, gyms and other relatively small organizations.

Tenda is a well-known networking equipment manufacturer known for its home routers with excellent price-performance ratio. However, Tenda also has more serious devices for the small and medium business (SMB) segment.

Tenda W30E — a router on a modern SoC Broadcom with a 4-core ARM processor. The device supports Wi-Fi 6 with a throughput of 2400 Mbps at 5 GHz and 600 Mbps at 2.4 GHz, four gigabit RJ-45 ports with flexible distribution between WAN and LAN segments, as well as a USB port. Captive Portal technology provides a ready-made solution for providing clients with Internet access with authorization via SMS.

In this review, I will talk about the hardware and software capabilities of the device. As part of the testing, I will check the declared technical characteristics. I will also tell you what Captive Portal is and why it should be used to authorize clients. In conclusion, I will describe the pros and cons of the router and determine its target audience.

What is Captive Portal?

One of the additional ways to attract customers to a cafe, restaurant, gym, hotel or shopping and entertainment center is free Internet access.

It would seem that to solve this problem it is enough to install a router and provide visitors with a Wi-Fi password. But this option is not suitable for organizations. Federal Law No. 97-FZ of May 5, 2014 requires owners of collective access points to mandatory identification of users. Failure to comply with this requirement may result in a fine of 100,000 to 200,000 rubles in accordance with Article 13.29 of the Code of Administrative Offenses of the Russian Federation. An even more severe punishment is provided if the client comes to the attention of competent authorities – Article 13.31 of the Code of Administrative Offenses provides for a fine of up to 1 million rubles. Such legal and financial consequences are unacceptable for organizations, and therefore users must be identified.

One of the convenient ways to authorize clients is a set of Captive Portal technologies (authorization portal). When an unknown device connects to an open access point (without a password) and tries to load any page in the browser, instead of the requested page, a suggestion to provide identification data appears. In most cases, a phone number is requested – a verification code is sent to it. After authorization, the client gets access to the Internet.

Not so long ago, the Captive Portal functionality required a separate server in the local network and complex settings available only to experienced system administrators. In recent years, with the increase in SoC power for routers, devices have appeared where all the functionality related to client authorization is located in one section of the Web interface. The Tenda W30E router is one of such devices – it provides the ability to SMS-authorize clients and does not require high qualifications from the administrator.

Delivery set and appearance

The Tenda W30E router is packed in a large box measuring 30×35 cm.

These dimensions are dictated by the need to accommodate five long antennas, which take up most of the interior space.

The delivery set is typical for routers in this segment – only a brief instruction and a power supply are available. The instruction provides the most basic recommendations for installation and connection, and the full version of the manual can be downloaded from Tenda official website.

The power supply unit is housed in a small case measuring 4.5×4.5×2.5 cm, combined with a plug. The length of the cable is 1.9 m. The power of the power supply unit is 18 W (12 V, 1.5 A). The plug is standard — 5.5×2.5 mm, which will allow you to quickly replace the power supply unit or connect the router to a 12-volt UPS if necessary.

The Tenda W30E router has an unusual design for home routers – it has a metal case with ports and indicators on the front panel and non-removable antennas on the back and sides.

When installed on a horizontal surface, the router will require a free space of 26×16 cm. Wall mounting is also acceptable.

There are four RJ-45 gigabit network ports on the front panel. The first of them always works as WAN (connection to the Internet), and the fourth as LAN (local area network), the other two ports are configurable.

To the left of the network ports are the power supply input, the Reset button for resetting to default settings, and three indicators: USB, WiFi, and SYS. The USB indicator lights up when a flash drive or external hard drive is connected and blinks when accessing them. WiFi is always on when at least one wireless access point is configured. SYS lights up when the router is turned on and blinks constantly after the system boots.

The router also has a USB port. It is located to the right of the network ports. I will tell you about the USB functionality in the Other Features and Testing sections.

In addition to two antennas, there are ventilation holes on the side edges of the router.

There are two screws on the back side, one of which is protected by a warranty sticker.

At the bottom, you can see stamped legs about a millimeter high, as well as slots for wall mounting. The cutouts are made in such a way that the router can be mounted on the wall in any of four positions.

Despite its weight of 600 grams, the router is quite easy to move, so when installing it on a horizontal surface, additional rubber feet may be required.

Internal structure

To open the case, simply unscrew the two screws on the back of the router and remove the cover.

The router board is small in size – it takes up about half the area. The wires from the antennas are neatly laid out and in some places are attached to the case with adhesive tape. It is clear that the side antennas are used for the 5 GHz range, and those at the back for 2.4 GHz. The main elements of the board are covered with a screen, on top of which a thick aluminum radiator is fixed. The only chip visible on the board is BCM53134This is a 4-port switch for the SMB segment with very low power consumption.

Apparently, there is an SoC under the screen BCM6756 – it maximally corresponds to the declared technical characteristics of the router.

The only electrolytic capacitor from a not very famous manufacturer, KYS, is located next to the power connector.

Wireless signals are received and transmitted using KCT RF modules (FEM).

On the back side of the board there is a 128 MB SLC NAND ESMT F50L1G41LB memory module. It is used to store the firmware and router settings.

Under the SoC there is the same shielding as on the front side. Individual elements of the board are covered with thick thermal pads that contact the bottom of the case.

The router does not have forced ventilation.

Setup and features

Following the current trends, Tenda offers the ability to configure the W30E router using an Android smartphone app. There is a QR code on the package that redirects to install the app.

There is also a more traditional way of setting up – using the Web interface. With the default settings, the login and password for accessing the Tenda W30E settings are admin, the router IP address is 192.168.0.1.

When you first log into the Web interface, you are prompted to configure the connection to the provider and wireless connection parameters. If necessary, the router will prompt you to connect the cable from the provider to the WAN port, but the lack of an Internet connection is not an obstacle to further configuration. The password for the wireless network can be set as the password for the router's Web interface if you check the corresponding box.

WAN, LAN and Wi-Fi settings

After the initial setup, the main interface of the router is available. The setup sections are selected in the left column, and the parameters are changed in the right one.

On the page System Status You can evaluate the current state of the router: availability of Internet access, number of connected clients, consumption of RAM and processor.

When you enable the Traffic Monitoring option, you can see a list of clients that create the maximum load on the network. The router warns that enabling traffic monitoring can reduce performance – it makes sense to use this function only when searching for the source of excess load.

Also on this page you can set limits on incoming and outgoing channels for all clients of the local network or prohibit them from accessing the Internet.

Internet and local network settings are collected in the section Internet Settings. Three ports can be selected to connect to providers. When changing the number of providers, the router requires rebooting. All popular connection types are supported: IPoE (static IP or DHCP), PPPoE and PPTP/L2TP.

For each WAN port, you can specify the interface speed, MTU and MAC address. It is possible to clone the MAC address from a connected PC.

The local network settings include DHCP server management. You can specify the range of IP addresses issued, lease time, and DNS server addresses.

This router does not support VLAN tags.

In the section Wireless wireless network settings are collected. The router allows you to create eight separate access points (four in the 2.4 and 5 GHz ranges), there is a separate section for two access points Guest NetworkEach network can have its own SSID or a common one for both bands. You can limit the maximum number of clients for each SSID.

The router does not allow forced use of WPA3 encryption, only WPA2+WPA3 is available. There is also no support for WPA2-Enterprise and WPA3-Enterprise.

For each wireless access point, you can specify a general bandwidth limit – for all connected clients as a whole. If you do not want wireless clients to communicate with each other, you can enable the Isolate this network option.

There is an even more aggressive restriction – a ban on access to the local network. In this case, clients connected to the access point can only use Internet access, the local network and router settings will be unavailable to them. It is worth noting that the first wireless network created will not have such a restriction, so it should be used for employees, but not for clients.

Each access point has its own MAC address filter. It can act as a white list (Only Allow – only the MAC addresses specified in the list will be able to connect to the network) or a black list (Only Forbid – the specified MAC addresses will not be able to connect to the network).

There are also low-level wireless network settings, they are located in the section Wireless – Advanced. This tab should be used with caution, as changing the settings in it may result in poor wireless network coverage or even the inability to connect individual devices.

In the section Address Reservation specifies the clients that will receive fixed addresses from the DHCP server. This may be necessary, for example, to distinguish between employees and clients and to use different policies for different ranges of addresses.

The router allows you to save the list of reserved IP addresses in CSV format and load it from a file.

In the section Bandwidth Control You can specify the speed characteristics of Internet providers and set restrictions separately for each device in the local network. I draw your attention to an important feature: WAN (Internet provider) restrictions are specified in megabits per second, and device restrictions within the network are specified in kilobytes.

Captive Portal

Probably the most popular functionality of this router is located in the section Authentication. This is where you can turn it on. Captive Portal and authorize clients via SMS or email. The appearance of the page displayed to an unauthorized client can be configured quite flexibly – you can use the logo and name of the organization, as well as change the page background. In the Disclaimer field, you can display legal information if required by law or the internal regulations of the organization.

After successful authorization, the transition to the requested page is performed by default, but you can configure a redirection to the organization's or partner's website. You can change the period during which the client is considered authorized and will not be redirected to the Captive Portal (by default – 24 hours).

In addition to authorization via SMS and email, you can use the local user database – it is stored in the section User Management. In addition, there is one-click authorization – in this case, there will be only one green button on the page, after clicking which the user will be considered authorized.

In order to use SMS authorization, you must have access to an SMS gateway to send a text message with a code. To do this, you can enter into an agreement with any mobile operator, with a third-party organization providing SMS gateway services, or even create your own gateway.

Email authorization is easier to implement – you just need to specify the SMTP server settings for sending messages. However, it will be much less convenient for clients, since they will have to open an email program or browser to find the code. I also recommend consulting a lawyer to determine whether email authorization will violate current legislation.

Tenda W30E allows you to specify which networks Captive Portal should be used for. You can select all wired interfaces and wireless networks or each separately. It is not possible to use different types of authorization for different networks.

The ability to use Captive Portal for a wired network may seem strange. But there are situations when this functionality is in demand. For example, in hotels, customers can connect a laptop not only to Wi-Fi, but also to an RJ-45 outlet, and outside their hotel room. In addition, you can use Wi-Fi on the Tenda W30E only for employees with the usual authorization using a common password, and for customers, set up a separate access point connected to one of the LAN ports and use the authorization portal for it.

I would like to point out that in the international version of the router that I tested, there is no way to use Russian characters in Captive Portal – they are saved in the router settings, but are not displayed on the portal. They promise to fix this problem in the localized version.

Other features

There is a section in the router's web interface AP Managementwhich allows you to centrally manage Tenda access points in the local network. Standard operations are available for all found devices: firmware update, reboot, reset to factory settings and Wi-Fi shutdown. There are also low-level Wi-Fi settings separately for each range.

In the section USB Sharing displays information about the connected disk. The USB disk is accessible via the SMB protocol. You can create two users – for full access and for reading only, but access to the disk without a password is impossible even in the second case.

The disk is always mounted automatically. Only ext and NTFS file systems are supported, the router does not see disks with FAT32 and exFAT. It is also not possible to use USB modems.

The Tenda W30E router has very rich traffic filtering settings. In particular, you can create several time intervals and IP address ranges, and then use them in other traffic control tools. For example, in Bandwidth Control You can limit the speed or prohibit Internet access for employees during non-working hours.

Of course, there are the usual filters by IP/MAC addresses, by ports and by domain names.

Router logs related to Internet access can be saved to a USB disk or to a syslog server on a local network. In the first case, you need to take care of both the physical security of the router (so that outsiders cannot remove the USB disk) and the network security (a secure password must be set to access the USB disk over the network).

In the section More additional functionality has been collected that may be required by a system administrator in certain situations. There are such features as static routes, port mirroring, remote router management via a browser, port forwarding for services in a local network, and dynamic DNS.

The Any IP function allows you to access the Internet not only from devices in the same local network as the router, but also from other local networks, which can be convenient if the internal network is segmented into separate ranges of IP addresses connected by a router or L3 switch.

Of course, the device has the functionality of a VPN server (for accessing the local network from the Internet) and a VPN client (for connecting to other local networks). In both cases, the PPTP and L2TP protocols are supported. If several WAN ports are used, you can specify through which provider the connection will be initiated.

In case of using several providers, the MultiWAN Policy function is available. It allows you to bind clients of the internal network to a specific provider (by default, all clients have access to all providers). Also here you can specify the site for checking the availability of WAN connections and the frequency of their checking.

In the last section, titled Maintenance You can update the router firmware, reset it to factory settings, reboot, change the access password, enable scheduled reboot, save or restore settings, use the ping and traceroute diagnostic utilities, and set the date/time.

Here you can also view the router's operation logs. There is a small filtering by events and the ability to save logs to a local disk (not to the router's USB disk).

The last item in the section Maintenance – Function Center — I would call it “For those who are confused.” All the router functionality is listed here. First come the functions that are used, then comes a list of unused features. When you click on a function, the corresponding section of the Web interface opens. Very convenient. And if it seems to you that the router is not working as expected, it makes sense to look into this section and make sure that nothing extra is configured.

Testing

First of all, I checked the routing performance of the Tenda W30E. If your ISP uses an IPoE connection (static or dynamic IP address), then the router will allow you to fully utilize the bandwidth of the gigabit WAN port.

WAN port bandwidth limits work correctly. After I set the limit to 200 megabits per second, the router limited the connection with perfect accuracy.

To determine the speed characteristics of the USB port, I connected a flash drive with proven read and write speeds of 250 MB/s to the router. A network drive with a flash drive was mounted on a laptop connected to the gigabit port of the router. The CrystalDiskMark test showed that the USB port operates in 2.0 mode. Thus, using the router as a network storage device (NAS) in a large network would not be the best idea. The connected drive is best used for the internal needs of the router or for storing backups that do not require the fastest possible recovery.

Using the above-mentioned network drive, I also checked the speed limits of devices in the local network. The download and upload limit for the laptop was set at 2 megabytes per second. In this case, the router also pleased with its perfect accuracy.

There was no way to fully test the Wi-Fi speed characteristics. But I managed to find a device with a similar SoC — ASUS RT-AX58U V2. This router also supports Wi-Fi 6 with a speed of 2400 megabits per second at 5 GHz and 600 megabits per second at 2.4 GHz.

I set it up in wireless client mode (Media Bridge) and connected to a 5GHz access point on a Tenda W30E router at the maximum possible speed of 2400 Mbps.

Since both routers have wired interfaces with much lower bandwidth than Wi-Fi, checking with iperf would not be informative.

I would like to point out that the Tenda W30E, unlike the ASUS router, cannot be used in wireless client mode to connect to another access point. On the other hand, the only practical use of the wireless client mode is to organize a long-distance communication channel using directional antennas. Its absence in a router with non-removable omnidirectional antennas can hardly be considered a disadvantage.

The router keeps quite informative logs, which can be saved to a USB drive or transmitted to a syslog server. To check, I launched it on a local network Visual Syslog Server and opened several sites on a laptop connected to the router. All laptop activity appeared in the logs. The router also records the time the device was online and when disconnected, it informs how long the device was active.

With default settings there are no open ports on WAN interfaces, nmap only finds a VPN server behind a firewall.

The device boots up in 50 seconds – that's how long it takes from the moment the router is powered up until the network interfaces are turned on.

The power consumption of the Tenda W30E was measured with a household wattmeter. With the access point turned on and a USB disk connected, the router consumes only 5 W from the network during the iperf test (routing at a speed of 1 gigabit per second). The included 18 W power supply was chosen with a large margin.

The internal structure of the router suggests that the bottom of the case, slightly to the right of the sticker, will heat up the most. Testing with an infrared thermometer confirmed this assumption. The maximum temperature on the bottom of the case during the iperf test was 38.2 degrees, other edges did not heat up above 34 degrees. The air temperature in the room during testing was 25 degrees.

During testing, no noise was recorded from the router or power supply.

Conclusion

Tenda W30E — an unusual router. Even externally it does not look like home devices, standing out with a large metal case and the placement of RJ-45 ports on the front panel. The web interface from the very first page offers all sorts of restrictions, blocking and filters — something that in home routers is either hidden in the depths of the menu or not implemented at all. And, of course, the Tenda router offers features that are extremely important for small and medium businesses — Captive Portal with user authorization via SMS, logging of user activity and connection to three Internet providers.

Tenda W30E seems to be the optimal solution for the HoReCa sector: cafes, restaurants, hotels, recreation centers, as well as fitness centers and beauty salons.

The Tenda router provides client authorization in accordance with current legislation in a couple of clicks. To configure the Tenda W30E, you do not need a highly qualified system administrator; in terms of ease of configuration, the router is comparable to home models. The advantages of the device include the cost, which promises to be significantly lower than similar solutions from the SMB segment.

Tenda W30E is not suitable for large organizations with a distributed structure and centralized network management. The router does not have a command-line interface with Telnet/SSH access, the ability to collect traffic statistics via SNMP and send all events to a syslog server. For these reasons, no system administrator responsible for dozens and hundreds of network devices will give the go-ahead to install such a router.

Also, Tenda W30E will not be the best option for home use due to overpayment for unused functionality. Even if a backup communication channel is required at home, in most cases it is provided by a 3G/4G modem, and the router does not provide the ability to connect such equipment.